Month: September 2012

Our manufacturing powerhouse ally(?) in the East has been very busy. Amid a flood of Chinese hacking and espionage attacks against the US, three of the latest news stories stand out: breaking into a large energy company, increased attacks on the Pentagon, and trying to smuggle tons(!) of stealth fighter skin material out of the US. Our “Trading Partners” have been very busy indeed…

CHINA HACKS ENERGY COMPANY

First up, Calgary-based Telvent, a company that monitors large sections of the US energy industry, has allegedly been infiltrated by Chinese hackers. According to KrebsOnSecurity, Telvent discovered the breach of its internal systems on September 10th:

“Telvent said the attacker(s) installed malicious software and stole project files related to one of its core offerings — OASyS SCADA — a product that helps energy firms mesh older IT assets with more advanced “smart grid” technologies.”

Communication sent to Telvent customers shows numerous files that were infected, along with fake malicious update services AdobeUpdate.exe and nupdater.exe. The domains and captured network traffic seem to point to the Chinese hacker team known as the “Comment Group”.

This is very concerning, as in the case of a possible future military conflict, attacking our power grid would be a top priority for the enemy.

“Their level of effort against the Department of Defense is constant”, Rear Admiral Samuel Cox said concerning the history of cyber threats, “It’s continuing apace, in fact, I’d say it’s still accelerating.”

China is well known for trying to steal military and scientific research in an attempt to catch up on technology. How successful have they been? Just check out this cockpit comparison between China’s new Chengdu J-20 Stealth Fighter and the US F-22 Raptor:

In a full frontal view the planes look pretty much identical.

But where they have been successful in making physical copies, re-creating the actual technology has been a bit harder for them. Apparently, China cannot develop the engines needed for their Stealth Fighters internally and has to import them from Russia:

“China’s inability to domestically mass-produce modern high-performance jet engines at a consistently high-quality standard is an enduring Achilles’ heel of the Chinese military aerospace sector,” wrote Andrew Erickson, a Naval War College analyst. Erickson chalked up the engine gap to a lack of standardization, cooperation and quality control in Chinese industry.

And engines aren’t the only thing China is having a hard time reproducing. It seems the special skin used on the fighters is very difficult to make also. So, instead of trying to steal the plans on how to make it, they apparently have tried to smuggle tons of the material out of the US!

CHINA TRIES TO STEAL FIGHTER GRADE CARBON FIBER

Ming Suan Zhang was charged in Federal Court for “attempting to illegally export aerospace-grade carbon fiber“, and faces up to 20 years in prison. Allegedly, Zhang and unnamed accomplices tried to obtain the carbon fiber and have it exported out of the US to China. Luckily for the US, the company that Zhang contacted was actually a front business for Homeland Security and the “buyer” Zhang talked with was actually a US agent:

“During an April teleconference, the buyers told the agent they wanted to ship “multiple tons of carbon fiber” from the U.S. to China through a third country in order to skip having to acquire an export license, and that acquiring the carbon fiber was “problematic” because it was related to a “military matter.” When the offer to use a middleman was rebuffed, the buyers asked if the carbon fiber could be mislabeled as something else, thereby sneaking past federal authorities. The agent told the buyers that what they were doing was quite illegal.”

But that didn’t stop the determined Zhang, who pressed the matter and the agent played along. An intercepted e-mail from China stated that the material was “needed for a test flight of a new Chinese fighter jet.” And Zhang also told an undercover agent that the material was indeed for a “fighter plane“.

Zhang was promptly arrested as soon as he entered the US.

Obviously China can “obtain” military secrets from foreign countries, but they apparently don’t have the technical know-how (at least for now) to completely duplicate some weapons systems. But what if China shared the secrets they obtain through cyber-espionage with other nations, like Russia?

Moves are being made to improve our cyber defenses. But for now it looks like we will just have to batten down the hatches a little tighter in the face of a rising tide of “friendly” attacks…

While Foxconn, one of Apple’s main manufacturing plants in China, is still recovering from a 2,000 person riot, its website has been defaced, according to TheHackNews.

Foxconn, which manufactures electronic devices for Apple, Dell and HP, has been in the news for alleged questionable labor practices, overbearing security guards, and mistreatment of its workers. A confrontation between a worker and a security guard boiled over recently and ended up in a mass riot involving about 2,000 people.

According to Business Week, “The unrest underscores the social strains of a Chinese export-manufacturing model where thousands of workers, mostly young, work long hours in military-style conditions, sleeping in dormitories and surrounded by security guards.”

The hacker “Hmei7”, called “Indonesia’s Top Defacer” on one site, left the following message on a Foxconn site:

“hacked by Hmei7 FOXCONN owned

indonesian people is here

to be secure

your security get down! “

Hmei7, apparently a lone hacker from Indonesia, has reportedly defaced hundreds, and possibly thousands, of web pages, including government sites. He has been responsible for hacking IBM, Microsoft, AVG and even Siemens websites.

Hmei7 doesn’t seem to do permanent damage to sites, but seems rather to enjoy just defacing them. That earned him the title “Professional Prankster” from the Tucson Police Department webmaster after he defaced their site in 2007.

Was this a hacktivism attack? Did Hmei7 deface the webpage because of what is going on at Foxconn? No one knows for sure, but the timing is suspect.

In this issue I wrote the article “Windows 8 Security in Action”, which gives a short look at the new Windows 8 interface for those who haven’t seen it yet and then delves into its updated security features and the security issues lingering from previous versions of Windows:

Is Windows 8 the next operating system for your enterprise? In this article, we will take a quick look at Microsoft’s new OS, Windows 8. We will see some of the new security features that make it more secure than its predecessor, Windows 7. We will also put its security through its paces and see some of the possible issues that are new to the OS and some that have carried over from previous versions of Windows. From the Backtrack 5 r3 security testing platform, the author uses the Metasploit Framework and Social Engineering Toolkit to see how Windows 8 stands up to the most common internet based threats.

Raspberry Pi Hacking, by Jeremiah Brott

Follow this guide at your own risk. I take no responsibility for any outcome from anything you attempt to do within this guide, says the author. The Raspberry Pi is a credit-card sized computer that plugs into your TV and a keyboard. It’s a capable little PC which can be used for many of the things that your desktop PC does, like spreadsheets, word-processing and games. It also plays high-definition video. We want to see it being used by kids all over the world to learn programming. If you love your Pi you’ll definitely love to hack it.

Malware, Botnet and cyber threats, what is happening to the cyberspace? By Pierluigi Paganini

The article proposes an analysis of the main cyber threats that worry security experts and that are profoundly changing cyberspace. The exponential growth in the number of cyber threats and attacks is confirmed by a wide range of statistics provided in reports published by the major security firms. The scenario is really alarming due to the concomitant action of cybercriminals, hacktivists and state sponsored hackers, who are producing malware and botnets of increasing complexity.

Live Capture Procedures, by Craig Wright

Live data capture is an essential skill required for both Incident Handlers and Forensic practitioners, and it is one that is becoming more, not less, important over time as we move towards networked and cloud based systems. This article has introduced a few tools that, although free, can be used together to create a powerful network forensics and incident response toolkit. Like all of these tools, the secret comes down to practice.

If your business has any IT resources at all and is connected to the Internet, it’s not a question of if you will suffer a security incident; it’s just a matter of when. Just how bad such an incident will be comes down to your patch management strategy. Patch management is critical in any size company, from the sole proprietorship to the international enterprise, and keeping up with the patching on every single server and workstation on your network is the most effective thing you can do to minimize your exposure to the threats facing your network.

There are several different ways that malicious attackers can compromise your network. Malware infected email attachments and downloads, worms that propagate from system to system, and compromised websites that deliver harmful scripts to browsers, all tend to take advantage of unpatched vulnerabilities in your operating systems, web browsers and other applications to do their damage. Guessing passwords and finding unsecured ways into networks are still out there, but it is much easier to probe for an unpatched webserver, and that same activity is usually much more difficult to detect. Once an attacker finds a flaw, they can easily exploit it with any number of canned attacks. There are even frameworks where people can create “hack in a box” type plug-ins that anyone can use, with no programming experience required.

These sorts of attacks rely on victims having unpatched systems running on their network. Patch management is the most effective, and the easiest, way to defend against such threats. Operating system and software application vendors regularly release patches for their products, and notify their registered customers whenever an update is available. Some, but unfortunately not all, even provide ways for users to set their computers up to automatically download those updates, to make it as easy as possible to receive and install the patches. Using patch management enables admins to deploy patches in a controlled fashion, testing them before wide scale deployment, and also to ensure that all systems are up-to-date on their patches. Patch management gives you the control you should have to ensure that your systems are secured. Patch management also provides you a way to patch those applications for which the vendors don’t provide an automated way to handle updates.

Patch management systems enable you to maintain full control of your systems’ patching activities. You can deploy security patches to test machines, and then push them out to all the rest of your machines, and also run reports to ensure that you have 100% compliance across all servers and workstations. You can use your patch management system to provide reports up to management and to auditors as well, so you can make sure management knows what is going on, and that auditors’ requests are easy to meet.

With patch management, you can also quickly and easily push emergency patches out to all your systems. While testing patches and deploying them in a planned manner is preferable, every so often a zero day exploit is discovered that necessitates pushing a patch out to all systems as quickly as possible. Without a patch management system, you may have to run from machine to machine, or worse still, rely upon your users to patch their own systems. With patch management, you can deploy an update from the comfort of your desk, and know that you have all your machines covered.

For the security of your network, and to ensure quick and efficient deployment of security patches to all workstations and servers, deploy a patch management application on your network today. The ease with which you can patch your systems, the reporting that it provides, and the peace of mind that comes with knowing that you are not subject to exploits of unpatched systems makes a patch management system a vital component of your network management suite.
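As an added illustration of the workflow described above (test-ring deployment first, then the rest of the fleet, with an emergency path for zero-day patches and a compliance report across servers and workstations), here is a small model written for this page; it is not code from the page or from GFI, and the host inventory, patch IDs and the test/production ring labels are constructed for the example.

```python
"""Staged patch rollout and compliance reporting over a constructed inventory.
Hypothetical model, not any vendor's patch management API."""
from dataclasses import dataclass, field


@dataclass
class Host:
    name: str
    role: str                                   # "server" or "workstation"
    ring: str                                   # "test" or "production"
    installed: set = field(default_factory=set)  # patch IDs already applied


# Constructed sample data: required patches with severity, and a small fleet.
REQUIRED = {"KB-0001": "critical", "KB-0002": "important", "KB-0003": "critical"}
FLEET = [
    Host("srv-01", "server", "test", {"KB-0001", "KB-0002", "KB-0003"}),
    Host("srv-02", "server", "production", {"KB-0001", "KB-0002"}),
    Host("ws-01", "workstation", "test", {"KB-0001", "KB-0003"}),
    Host("ws-02", "workstation", "production", set()),
]


def missing(host):
    """Required patches this host does not have yet, sorted for stable output."""
    return sorted(set(REQUIRED) - host.installed)


def compliance_report(fleet):
    """Per-role compliance percentage plus every host still missing patches,
    the kind of report handed to management or auditors."""
    report = {}
    for role in ("server", "workstation"):
        hosts = [h for h in fleet if h.role == role]
        compliant = [h for h in hosts if not missing(h)]
        report[role] = {
            "percent": round(100 * len(compliant) / len(hosts), 1),
            "noncompliant": {h.name: missing(h) for h in hosts if missing(h)},
        }
    return report


def plan_rollout(fleet, patch, emergency=False):
    """Hosts the patch should go to now. Normal flow: the test ring first, and
    production only once no test-ring host is still missing the patch.
    A zero-day emergency skips that gate and targets every host lacking it."""
    targets = [h for h in fleet if patch not in h.installed]
    if emergency:
        return [h.name for h in targets]
    test_pending = [h for h in targets if h.ring == "test"]
    return [h.name for h in (test_pending or targets)]
```

Running `plan_rollout(FLEET, "KB-0002")` returns only the test-ring workstation, while the same call with `emergency=True` returns every host missing that patch.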

About the author: Casper Manes writes for GFI Software Ltd, a leading software developer that provides a single source for network administrators to address their network security, content security and messaging needs.
All product and company names herein may be trademarks of their respective owners.